The (gnu services nfs) module provides the following services,
which are most commonly used in relation to mounting or exporting
directory trees as network file systems (NFS).
While it is possible to use the individual components that together make
up a Network File System service, we recommend configuring an NFS
server with the nfs-service-type.
The NFS service takes care of setting up all NFS component services and kernel configuration file systems, and installs configuration files in the locations that NFS expects.
A service type for a complete NFS server.
This data type represents the configuration of the NFS service and all of its subsystems.
It has the following parameters:
nfs-utils (default: nfs-utils)
    The nfs-utils package to use.
nfs-versions (default: '("4.2" "4.1" "4.0"))
    If a list of string values is provided, the rpc.nfsd daemon
    will be limited to supporting the given versions of the NFS protocol.
exports (default: '())
    This is a list of directories the NFS server should export. Each entry is a list consisting of two elements: a directory name and a string containing all options. This is an example in which the directory /export is served to all NFS clients as a read-only share:

        (nfs-configuration
         (exports
          '(("/export"
             "*(ro,insecure,no_subtree_check,crossmnt,fsid=0)"))))

rpcmountd-port (default: #f)
    The network port that the rpc.mountd daemon should use.
rpcstatd-port (default: #f)
    The network port that the rpc.statd daemon should use.
rpcbind (default: rpcbind)
    The rpcbind package to use.
idmap-domain (default: "localdomain")
    The local NFSv4 domain name.
nfsd-port (default: 2049)
    The network port that the nfsd daemon should use.
nfsd-threads (default: 8)
    The number of threads used by the nfsd daemon.
nfsd-tcp? (default: #t)
    Whether the nfsd daemon should listen on a TCP socket.
nfsd-udp? (default: #f)
    Whether the nfsd daemon should listen on a UDP socket.
pipefs-directory (default: "/var/lib/nfs/rpc_pipefs")
    The directory where the pipefs file system is mounted.
debug (default: '())
    A list of subsystems for which debugging output should be enabled. This
    is a list of symbols. Any of these symbols are valid: nfsd,
    nfs, rpc, idmap, statd, or mountd.
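The export in the example above is open to every host (*) and sets insecure, which accepts requests from unprivileged client ports. The following is an added example, not part of the Guix manual, of a narrower server configuration that uses only the fields documented above. The subnet 192.0.2.0/24, the path /export/projects, the domain example.org and the two port numbers are placeholders chosen for illustration.

```scheme
;; Added example (not from the Guix manual): a restricted NFS export.
;; Subnet, path, domain and port numbers are illustrative placeholders.
(service nfs-service-type
         (nfs-configuration
          ;; Offer only NFSv4.2 rather than every supported version.
          (nfs-versions '("4.2"))
          ;; NFSv4 user and group names are mapped within this domain;
          ;; clients should be configured with the same one.
          (idmap-domain "example.org")
          ;; TCP only (these are already the defaults, stated explicitly).
          (nfsd-tcp? #t)
          (nfsd-udp? #f)
          ;; Pin the auxiliary daemons to fixed ports so that a
          ;; firewall rule can refer to them.
          (rpcmountd-port 20048)
          (rpcstatd-port 32765)
          (exports
           ;; Compared with "*(ro,insecure,...)":
           ;;  - the client list is one subnet instead of "*";
           ;;  - "insecure" is omitted, so the default "secure" applies
           ;;    and requests must come from a port below 1024;
           ;;  - "root_squash" (the default) maps client root to the
           ;;    anonymous user; it is spelled out here for clarity.
           '(("/export/projects"
              "192.0.2.0/24(rw,sync,root_squash,no_subtree_check)")))))
```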
If you don’t need a complete NFS service or prefer to build it yourself you can use the individual component services that are documented below.
The RPC Bind service provides a facility to map program numbers into universal addresses. Many NFS related services use this facility. Hence it is automatically started when a dependent service starts.
A service type for the RPC portmapper daemon.
Data type representing the configuration of the RPC Bind Service. This type has the following parameters:
rpcbind (default: rpcbind)
    The rpcbind package to use.
warm-start? (default: #t)
    If this parameter is #t, then the daemon will read a
    state file on startup thus reloading state information saved by a previous
    instance.
The pipefs file system is used to transfer NFS related data between the kernel and user space programs.
A service type for the pipefs pseudo file system.
Data type representing the configuration of the pipefs pseudo file system service. This type has the following parameters:
mount-point (default: "/var/lib/nfs/rpc_pipefs")
    The directory to which the file system is to be attached.
The global security system (GSS) daemon provides strong security for RPC
based protocols.
Before exchanging RPC requests an RPC client must establish a security
context. Typically this is done using the Kerberos command kinit
or automatically at login time using PAM services (see Kerberos Services).
A service type for the Global Security System (GSS) daemon.
Data type representing the configuration of the GSS daemon service. This type has the following parameters:
nfs-utils (default: nfs-utils)
    The package in which the rpc.gssd command is to be found.
pipefs-directory (default: "/var/lib/nfs/rpc_pipefs")
    The directory where the pipefs file system is mounted.
The idmap daemon service provides mapping between user IDs and user names. Typically it is required in order to access file systems mounted via NFSv4.
A service type for the Identity Mapper (IDMAP) daemon.
Data type representing the configuration of the IDMAP daemon service. This type has the following parameters:
nfs-utils (default: nfs-utils)
    The package in which the rpc.idmapd command is to be found.
pipefs-directory (default: "/var/lib/nfs/rpc_pipefs")
    The directory where the pipefs file system is mounted.
domain (default: #f)
    The local NFSv4 domain name.
    This must be a string or #f.
    If it is #f then the daemon will use the host’s fully qualified domain name.
verbosity (default: 0)
    The verbosity level of the daemon.
The autofs service automatically mounts and unmounts filesystems. It can mount both network and local storage, but is most often used to manage NFS mounts.
A typical configuration might look like:

    (operating-system
      (services
        (append
          (list
            (service nfs-service-type (nfs-configuration))
            (service autofs-service-type
              (autofs-configuration
                (mounts
                  (list
                    (autofs-indirect-map
                      (mount-point "/net/home")
                      (entries
                        (list
                          ;; Accessing /net/home/foo will mount
                          ;; big.network.server:/home/foo.
                          (autofs-map-entry
                            (type "nfs")
                            (device "big.network.server:/home/&")
                            (mount-point "*"))))))))))
          %base-services)))

Available autofs-indirect-map fields are:
mount-point (type: string)
    Where to mount the indirect map.
entries (default: ()) (type: autofs-map-entries)
    Entries in this map.
Available autofs-map-entry fields are:
type (default: "auto") (type: string)
    The type of the filesystem.
device (type: string)
    Device or remote host to mount. May contain special character &,
    which can be referenced in the mount-point field.
mount-point (type: string)
    Directory to mount this device on. Map entries come in two flavors:
    direct and indirect. Direct entries map a single device to a single
    mountpoint, while indirect entries can map multiple devices to multiple
    mountpoints. A direct entry has a mount-point beginning with
    /, representing the absolute path of the directory to mount the
    device on. For example:

        (autofs-map-entry
          (type "ext4")
          (device "/dev/sdb1")
          (mount-point "/mnt/external-disk"))

    An indirect entry has a mount-point not beginning with /,
    representing the subdirectory within the parent indirect map for this
    entry. Indirect maps may also use the special character *, which
    will be replaced with the value of special character & in the
    device field of this entry. For example:

        (autofs-indirect-map
          (mount-point "/devices")
          (entries
            (list
              ;; Automount any block device r/o by ID.
              (autofs-map-entry
                (type "auto")
                (mount-point "ro/uuid/*")
                (device "/dev/disk/by-id/&")
                (options '(ro)))
              ;; Automount any block device by UUID.
              (autofs-map-entry
                (type "auto")
                (mount-point "rw/uuid/*")
                (device "/dev/disk/by-uuid/&")))))

options (default: ()) (type: file-system-options)
    List of mount options. Some options are simple flags, such as ro,
    noexec, nosuid, etc. These may be expressed as strings or symbols.
    Other options also accept a value. These are expressed as pairs of
    (option . value). option may be a string or symbol, as
    with flags. value may be a string, symbol, or number. Example:

        (ro (errors . remount-ro) noexec)

Available autofs-configuration fields are:
autofs (default: autofs) (type: package)
    The autofs package to use.
mounts (default: ()) (type: autofs-mount-maps)
    Mount maps to manage. This is a list of either direct map entries or indirect mount maps.
timeout (default: 300) (type: conf-integer)
    Sets the default mount timeout in seconds.
master-wait (default: 10) (type: conf-integer)
    Sets the default maximum number of retries (actual iterations is half this, each is delayed by 2 seconds before retrying) waiting for the master map to become available if it cannot be read at program start. This can be longer if the map source itself waits for availability (such as sss).
negative-timeout (default: 60) (type: conf-integer)
    Set the default timeout for caching failed key lookups.
mount-verbose? (default: #f) (type: conf-boolean)
    Use the verbose flag when spawning mount(8), and log some process info about the requestor and its parent.
mount-wait (default: -1) (type: conf-integer)
    Set the default time to wait for a response from a spawned mount(8) before sending it a SIGTERM. Note that we still need to wait for the RPC layer to timeout before the sub-process exits so this isn’t ideal but it is the best we can do. The default is to wait until mount(8) returns without intervention.
umount-wait (default: 12) (type: conf-integer)
    Set the default time to wait for a response from a spawned umount(8) before sending it a SIGTERM. Note that we still need to wait for the RPC layer to timeout before the sub-process exits so this isn’t ideal but it is the best we can do.
browse-mode? (default: #t) (type: conf-boolean)
    Should maps be browsable by default?
mount-nfs-default-protocol (default: 3) (type: conf-integer)
    Set the default protocol that mount.nfs(8) uses when performing a mount. Autofs needs to know the default NFS protocol that mount.nfs(8) uses so it can do special case handling for its availability probe for different NFS protocols. Since we can’t identify this default automatically we need to set it in the autofs configuration.
append-options? (default: #t) (type: conf-boolean)
    When #t, global options are appended to map entry options. When #f, map entry options replace the global options.
logging (type: conf-log-level)
    Default log level. May be #:none, #:verbose, or #:debug.
force-standard-program-map-env? (default: #f) (type: conf-boolean)
    Override the use of a prefix with standard environment variables when a program map is executed. Since program maps are run as the privileged user setting these standard environment variables opens automount(8) to potential user privilege escalation when the program map is written in a language that can load components from, for example, a user home directory.
map-hash-table-size (default: 1024) (type: conf-integer)
    This configuration option may be used to change the number of hash table slots. This configuration option affects the overhead of searching the map entry cache for map entries when there are a large number of entries. It affects the number of entries that must be looked at to locate a map entry in the map entry cache. For example, the default of 1024 and a direct map with 8000 entries would result in each slot containing an average of 8 entries, which should be acceptable. However, if excessive CPU usage is observed during automount lookups increasing this option can reduce the CPU overhead considerably because it reduces the length of the search chains. Note that the number of entries in a map doesn’t necessarily relate to the number of entries used in the map entry cache. There are two distinct cases where the map hash table can make a significant difference, direct maps and indirect maps that use the "browse" option. For indirect maps that do not use the "browse" option entries are added to the map entry cache at lookup so the number of active cache entries, in this case, is usually much less than the number of entries in the map. In this last case it would be unusual for the map entry cache to grow large enough to warrant increasing the default before an event that cleans stale entries, a map re-read for example.
use-hostname-for-mounts? (default: #f) (type: conf-boolean)
    NFS mounts where the host name resolves to more than one IP address are probed for availability and to establish the order in which mounts to them should be tried. To ensure that mount attempts are made only to hosts that are responding and are tried in the order of hosts with the quickest response the IP address of the host needs to be used for the mount. If it is necessary to use the hostname given in the map entry for the mount regardless, then set this option to #t. Be aware that if this is done there is no defense against the host name resolving to one that isn’t responding and while the number of attempts at a successful mount will correspond to the number of addresses the host name resolves to the order will also not correspond to fastest responding hosts.
disable-not-found-message? (default: #f) (type: conf-boolean)
    The original request to add this log message needed it to be unconditional. That produces, IMHO, unnecessary noise in the log so a configuration option has been added to provide the ability to turn it off.
use-ignore-mount-option? (default: #f) (type: conf-boolean)
    An option to enable the use of autofs pseudo option "disable". This option is used as a hint to user space that the mount entry should be omitted from mount table listings. The default is #f to avoid unexpected changes in behaviour and so is an opt-in setting.
sss-master-map-wait (default: 0) (type: conf-integer)
    Set the time to wait and retry if sssd is unable to read the master map at program start. Default is 0 (don’t wait) or 10 if sss supports returning EHOSTDOWN when the provider isn’t available. If the sss library supports returning EHOSTDOWN when the provider is down then this value is how long to wait between retries reading the master map. When reading dependent maps or looking up a map key this value is multiplied by the number of retries that would be used when reading the master map.
use-mount-request-log-id? (default: #f) (type: conf-boolean)
    Set whether to use a mount request log id so that log entries for specific mount requests can be easily identified in logs that have multiple concurrent requests.